CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
94.2%
GnuTLS project reports:
A vulnerability was discovered that affects the
certificate verification functions of all gnutls
versions. A specially crafted certificate could
bypass certificate validation checks. The
vulnerability was discovered during an audit of
GnuTLS for Red Hat.
Suman Jana reported a vulnerability that affects
the certificate verification functions of
gnutls 2.11.5 and later versions. A version 1
intermediate certificate will be considered as
a CA certificate by default (something that
deviates from the documented behavior).